Re: [tor-relays] IP addresses as false positives?
grarpamp:
> On Mon, Jan 5, 2015 at 11:15 AM, eliaz el...@riseup.net wrote:
>> processes involved. Since they're private, I assume they're broadcasts
>
> Private are RFC1918. Broadcasts are 255.255.255.255 or the
> subnet based versions of same.

Thanks! I'll check out the RFC. - eliaz

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] IP addresses as false positives?
grarpamp:
>> I run in a dedicated low-power box on my LAN, to save electricity. Is
>> that as good as a VM?
>
> Whichever way you like. If you've got all sorts of virii/malware
> going on in an environment of exposure you wouldn't want your
> regular personal files or activities exposed to that.
>
>> All my connections/boxes/firewalls are OK, generally get very few alerts
>> I don't know how to confirm that exits are MITMs. I can post the FPs of
>
> Turn off TBB, Tor, bridge, vidalia, socks, everything about tor.
> Browse to the same place/url you got an alert with normal Firefox over clearnet
> See if you get an alert.
>
>> the ones that show up, though. So far all the alerts lead me to
>> recognizable nodes that show up OK in Atlas, etc.

My mistake. One IP address can't be found in Atlas or Globe. See below.

> Others have not reporting 'all these alerts' and exits several days.
> If you wanted to you could post the name and version of your
> AV program and your OS version. And the full text of one of these
> alerts (if it's not sensitive to you) and the exit FP.

I've gone back to my records. The .txt attachment gives what I'd gotten for three different IP addresses. I'm not panicked about this don't expect anyone to put more time into my query. But the different results may interest someone. - eliaz

4:35 AM 1/6/2015
AV alerts on tor nodes

Here follows traces of IP addresses that provoked virus alerts in Avast Pro Antivirus. Five alerts from three IP addresses (2, 1, 2). These were interspersed with some other similar alerts for different IP addresses that I didn't record. See second trace below.

===
Trace 1 (2 instances)
Object: https://95.211.98.159
Fingerprint:64846B8BAEDB6234FEB18E18124CC9C9C279C254
Via Globe
===
Trace 2 (2 instances)
Object: https://212.83.183.18 (2 instances)
Fingerprint Not found: Could not reach via Atlas or Globe. Clearnet browser times out; got tired of waiting for tor browser to connect. Ping times out.
Tracert gives:

    tracert 212.83.183.18
    Tracing route to this.is.a.tor.exit.afo-tm.org [212.83.183.18]
    over a maximum of 30 hops:
      1     1 ms     1 ms     1 ms  192.168.1.1
     11   144 ms   142 ms   145 ms  online-gw.ip4.gtt.net [46.33.93.90]
     12   141 ms   143 ms   142 ms  195.154.1.163
     13     *        *        *     Request timed out.
     ...
     15     *        *        *     Request timed out.
     16     *     ^C

===
Trace 3 (1 instance)
URL:https://176.9.232.121
Fingerprint:66FDD4CD9C048B42650C2617C7FB7A51095CB31D
Via Globe
===
Detail:
All AV scanners up to date. Tor box runs Avast Pro Antivirus, and runs tor only. I don't run a tor client from there. Other box runs AVG Antivirus usually runs clearnet firefox. I can turn on torbrowser vidalia as necessary, though. They were off while I tried to rouse Trace 2 in clear. OSs are Win7 32 bit (tor box), 64 bit (other box)
Re: [tor-relays] Help - My relay consensus has been stripped back to 20
Yours and mine are back to 20.

On 05.01.2015 03:37 PM, bigbud...@safe-mail.net wrote:
> Original Message
> From: tor-relays-requ...@lists.torproject.org
> Apparently from: tor-relays-boun...@lists.torproject.org
> To: tor-relays@lists.torproject.org
> Subject: tor-relays Digest, Vol 48, Issue 15
> Date: Mon, 05 Jan 2015 11:05:49 +
>
> Message: 3
> Date: Mon, 05 Jan 2015 11:36:59 +0100
> From: Network Operations Center n...@schokomil.ch
> To: tor-relays@lists.torproject.org
> Subject: Re: [tor-relays] Help - My relay consensus has been stripped back to 20
> Message-ID: 84a966b4ad0f4d6a230d7b51f1d6b...@schokomil.ch
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
>> Mine just jumped to 18,000, again I'd like to stress that I have not
>> changed anything in my torrc:
>> https://atlas.torproject.org/#details/3D7E274A87D9A89AF064C13D1EE4CA1F184F2600
>
> Yup, me too. Seems to be back thankfully. Would love to know why though
>
> best
> BB
Re: [tor-relays] IP addresses as false positives?
On Tue, Jan 6, 2015 at 5:34 AM, eliaz el...@riseup.net wrote:
> for three different IP addresses. I'm not panicked about this don't

Those IP's are exits, no idea why they're being called out by avg. What are the malware/virus id's, the same all the time, different?

Try a unix like freebsd or linux someday, tends to be more secure anyway.
Re: [tor-relays] Help - My relay consensus has been stripped back to 20
Argh - yes you are right. It was fine again last night and yes it is back down to 20.

What the hell is going on? I find it quite troubling that nobody seems to know (or wants to say) why these relays are getting disabled.

cheers
BB

Original Message
From: tor-relays-requ...@lists.torproject.org
Apparently from: tor-relays-boun...@lists.torproject.org
To: tor-relays@lists.torproject.org
Subject: tor-relays Digest, Vol 48, Issue 21
Date: Tue, 06 Jan 2015 12:00:02 +

> Yours and mine are back to 20.
>
> On 05.01.2015 03:37 PM, bigbudtor at Safe-mail.net wrote:
>> Original Message
>> From: tor-relays-request at lists.torproject.org
>> Apparently from: tor-relays-bounces at lists.torproject.org
>> To: tor-relays at lists.torproject.org
>> Subject: tor-relays Digest, Vol 48, Issue 15
>> Date: Mon, 05 Jan 2015 11:05:49 +
>>
>> Message: 3
>> Date: Mon, 05 Jan 2015 11:36:59 +0100
>> From: Network Operations Center noc at schokomil.ch
>> To: tor-relays at lists.torproject.org
>> Subject: Re: [tor-relays] Help - My relay consensus has been stripped back to 20
>> Message-ID: 84a966b4ad0f4d6a230d7b51f1d6b42f at schokomil.ch
>> Content-Type: text/plain; charset=UTF-8; format=flowed
>>
>>> Mine just jumped to 18,000, again I'd like to stress that I have not
>>> changed anything in my torrc:
>>> https://atlas.torproject.org/#details/3D7E274A87D9A89AF064C13D1EE4CA1F184F2600
>>
>> Yup, me too. Seems to be back thankfully. Would love to know why though
>>
>> best
>> BB